chiark / gitweb /
~ianmdlvl / elogind.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
bus-proxyd: don't allow to acquire org.freedesktop.DBus name
[elogind.git] / src / bus-proxyd / bus-proxyd.c
diff --git a/src/bus-proxyd/bus-proxyd.c b/src/bus-proxyd/bus-proxyd.c
index 583416a43f03bf3de5a8738727517cc32cd50e5e..fc70cce9402392dea2795996cb81ae0d18202af9 100644 (file)
--- a/src/bus-proxyd/bus-proxyd.c
+++ b/src/bus-proxyd/bus-proxyd.c
@@ -139,9 +139,9 @@ static int parse_argv(int argc, char *argv[]) {
                                 return log_oom();
 
 #ifdef ENABLE_KDBUS
-                        a = strjoin("x-container-kernel:machine=", e, ";x-container-unix:machine=", e, NULL);
+                        a = strjoin("x-machine-kernel:machine=", e, ";x-machine-unix:machine=", e, NULL);
 #else
-                        a = strjoin("x-container-unix:machine=", e, NULL);
+                        a = strjoin("x-machine-unix:machine=", e, NULL);
 #endif
                         if (!a)
                                 return log_oom();
@@ -829,6 +829,10 @@ static int process_driver(sd_bus *a, sd_bus *b, sd_bus_message *m, Policy *polic
                 if (r < 0)
                         return synthetic_reply_method_errno(m, r, NULL);
 
+                if (streq(name, "org.freedesktop.DBus"))
+                        return synthetic_reply_method_error(m, &SD_BUS_ERROR_MAKE_CONST(SD_BUS_ERROR_INVALID_ARGS,
+                                                            "Connection is not allowed to own the org.freedesktop.DBus service."));
+
                 if (policy && !policy_check_own(policy, ucred->uid, ucred->gid, name))
                         return synthetic_reply_method_errno(m, -EPERM, NULL);
 
@@ -1021,7 +1025,7 @@ static int process_policy(sd_bus *from, sd_bus *to, sd_bus_message *m, Policy *p
                 }
 
                 if (granted) {
-                        /* Then check whether us (the recipient) can recieve from the sender's name */
+                        /* Then check whether us (the recipient) can receive from the sender's name */
                         if (strv_isempty(sender_names)) {
                                 if (policy_check_recv(policy, our_ucred->uid, our_ucred->gid, m->header->type, NULL, m->path, m->interface, m->member))
                                         return 0;
Unnamed repository; edit this file 'description' to name the repository.